Graphic explanation: What is digital signature?

Graphic explanation: What is digital signature?
Graphic explanation: What is a digital signature Preface

Recently, When I browsed articles related to SSL protocol encryption on the Internet, I became more confused about "Digital Signature.

Bob has two keys, one known as the public key, and the other known as the private key.

Bob's public key can be obtained by anyone who needs it, but his private key is retained by himself. A key (Public Key and private key) is used to encrypt information. The process of encrypting information means "obfuscation", so that only people with the right key can make it readable again. One of Bob's two keys is used to encrypt the data, and the other is used to decrypt the data.

Susan (as shown below) uses Bob's public key to encrypt a piece of information and sends it to Bob. Bob uses the private key to decrypt the information and read it. Bob's colleagues may be able to obtain the information that Susan has encrypted, but without Bob's private key, the data is useless.

With his private key and appropriate software, Bob places digital signatures in documents and some data. This digital signature is put into the data by Bob and is the unique "identifier" for Bob, which is very difficult to fabricate. In addition, this signature can be found when any data changes.
When signing a document, Bob's software will compress the data into just a few lines. This process is called "HASH Verification", and several lines are called information summaries. (It is impossible to directly restore the Information summary to the original data information)

Then Bob's software uses his private key to encrypt the abstract information. The result is a digital signature.

Finally, Bob's software put the digital signature and information document together. All data has been identified.


Now Bob passed the document to Pat.

Plot tangle ing... (tragedy, no story ...)

As a coincidence, Suan works at the company's CA center (certificate authentication). Susan can sign Bob's public key together with some of his information and simply create a digital certificate for Bob.

Now Bob's colleagues can check Bob's trusted certificate to ensure that their public key is indeed Bob's. In fact, no one in Bob will accept the signature without Susan generating the certificate. This gives Susan the right to revoke the digital certificate from which the private key is leaked, which is almost impossible. Susan's CA certificate verification is widely accepted.

Let's talk about Bob sending the signed document to Pat. To verify the digital signature on the document, Pat first uses the software to use the Susan (CA) Public Key to detect the certificate on the Bob document. If the certificate is successfully unlocked, it is generated by Susan. After the certificate is unbound, Pat can contact the CA center to compare the information on the Bob certificate to check whether the document has been modified.

Pat then obtains Bob's public key from the certificate and uses it to detect Bob's signature. If Bob's public key can successfully unbind the signature, Pat can determine that the signature is generated using Bob's private key and matches the certificate public key issued by Susan. In addition, if the signature is a comparison, it also means that Doug cannot modify the document content.

Although these steps seem a headache, they look like Pat-related user-friendly software scenarios. To verify the signature information, Pat only needs to click:

(Figure shows the ID of the verification digital certificate)